Splunk HTTP Event Collector (HEC)
Description
The Splunk HTTP Event Collector source can be used to receive events (logs) from applications which emit events in the Splunk HEC format. Events are converted to OTLP format and can be sent on to any destination.
The HEC source can be combined with the Splunk HEC Destination. This allows BindPlane's agent to sit in the middle of a Splunk pipeline. Giving you the ability to leverage BindPlane's processing capabilities.
Supported Platforms
| Platform | Metrics | Logs | Traces |
|---|---|---|---|
| Linux | ✓ | ||
| Windows | ✓ | ||
| macOS | ✓ |
Configuration Table
| Parameter | Type | Default | Description |
|---|---|---|---|
| listen_port | int | 8888 | Port to listen on. |
| listen_ip | string | "0.0.0.0" | IP Address to listen on. |
| access_token_passthrough | string | false | Whether to preserve incoming access token (Splunk header value) as "com.splunk.hec.access_token" metric resource label. |
| enable_tls | bool | false | Whether or not to use TLS. |
| tls_certificate_path | string | Path to the TLS cert to use for TLS required connections. | |
| tls_private_key_path | string | Path to the TLS key to use for TLS required connections. |
Example Configuration
The HEC source type has two required parameters:
- Listen IP Address
- Listening Port
It is recommended to enable the Access Token Passthrough option if you wish to preserve the Splunk access token header as a resource attribute (com.splunk_hec.access_token.
Once configured, incoming events will be displayed as logs like this:
Updated about 1 month ago